Cyber-attacks commonly occur through applications, browsers, unpatched vulnerabilities, or social engineering. Deploying Device Guard (a central feature in the suite of Microsoft’s Windows 10 security features) does not eliminate the possibility of being targeted for attacks, but it does significantly reduce the attack surfaces favored by bad actors and malware writers.
Device Guard hardens those attack surfaces by creating a “chain of trust” that runs from the hardware and firmware configuration involved in the boot process, up through the Windows OS kernel, to the software running in Windows.
The aim is to ensure all components involved are trusted and have not been compromised or tampered with at any time. This is called defense-in-depth security: the endpoint is secured in multiple layers rather than focusing on just one layer and ignoring others.
However, deploying Device Guard is no simple task, and it is not for the faint of heart. There are a number of components in its architecture and detailed processes to follow. Learning more about Device Guard is sure to present some new concepts in Windows that are worth taking the time to understand.
In this white paper, which I have co-authored with Dave Fuller, we not only give readers a greater understanding of how Device Guard works, but – much more importantly – explain how you can implement it, and develop your ‘whitelist’ of trusted applications. It’s a real must-read for anyone aiming for a secure Windows 10 for their business.